Vulnerability Bulletins

MSA-23-0038: Stored XSS in quiz grading report via user ID number


System information

   
Affected software PHP

Description

by Michael Hawkins. ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

Severity/Risk: Minor
Versions affected: 4.2 to 4.2.2, 4.1 to 4.1.5 and 4.0 to 4.0.10
Versions fixed: 4.2.3, 4.1.6 and 4.0.11
Reported by: Paul Holden
CVE identifier: CVE-2023-5546
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971
Tracker issue: MDL-78971 Stored XSS in quiz grading report via user ID number

More info:

https://moodle.org/mod/forum/discuss.php?d=451587&parent=1814895

Standard resources

Property Value
CVE CVE-2023-5546.

Version history

Version Comments Date